<?php
/***************************************************************************
 *                               newpilot.php
 *                            -------------------
 *                       (APU) Automated Pilot Utility
 *   begin                : Wednesday, Nov 10, 2004 && Saturday Nov 18, 2006
 *   copyright            : (C) 2004-2006 SF Games
 *   email                : techsupport@sf-games.com
 *
 ***************************************************************************/

	include('common.php');
	include('config.php');

	// Global
	$aErrors = array();

	// Local variables
	$posted = array("FIRST_NAME" => "", "LAST_NAME" => "", "PILOT_ID" => "", "EMAIL" => "", "PASSWORD1" => "", "PASSWORD2" => "", "ADMIN_LOGIN" => "", "ADMIN_PASSWORD" => "");
	$referrer = $_POST["referrer"];

	$bIdMatch    = false;
	$bSuccess    = false;
	$bAdminCheck = false;

	htmlHeader();

	// Gather Form POST variables and validate
	$posted = gatherPost($posted);

	if ( count($aErrors) > 0 )
	{
		echo "	<table class=\"table_roster_footer\">\n";
		echo "	<tbody>\n";
		echo "		<tr>\n";
		echo "			<td><span class=\"textred\">\n";
		echo "<div class=\"textdarkCenter\">There are " .count($aErrors) ." submission errors found!<br /><br /></div>\n";

		foreach ($aErrors as $sErr)
			echo $sErr ."<br />\n";

		echo "<div class=\"textdarkCenter\"><br />Press your browsers back button <a href=\"" .$referrer ."\">or here</a> and correct the invalid entries.<br /><br /></div>\n";
		echo "</span></td>\n";
		echo "		</tr>\n";
		echo "	</tbody>\n";
		echo "	<tfoot><tr><td colspan=\"1\"></td></tr></tfoot>\n";
		echo "	</table>\n";
	}
	else
	{
		$bAdminCheck = true;

		// If administrator is required to add new pilots, check admin credentials.
		if ( $bAllowPilotRegister == false )
		{
			if ( $masterId != $posted["ADMIN_LOGIN"] )
			{
				echo "<p class=\"textred\">Incorrect administrator login name.</p>\n";
				$bAdminCheck = false;
			}

			if ( $masterPass != $posted["ADMIN_PASSWORD"] )
			{
				echo "<p class=\"textred\">Incorrect administrator password.</p>\n";
				$bAdminCheck = false;
			}
		}

		if ( bAdminCheck == true )
		{
			$db = mysql_connect($dbhost, $dbuname, $dbpass)
				or die("Could not connect to the SQL server<br>");

			// Look for any other ID matching this, if found, we have a duplicate entry
			mysql_select_db($dbname);

			// Performing SQL query to get all pilots IDs
			$query = "SELECT * FROM " .$table_prefix ."PILOTS WHERE PILOT_ID=\"" .$posted["PILOT_ID"] ."\"";
			$result = mysql_query($query)
				or die("Query failed<br>");

			// Look for any matching ID
			while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
			{
				if ( $row["PILOT_ID"] == $posted["PILOT_ID"] )
					$bIdMatch = true;
			}

			if ( $bIdMatch )
			{
				echo "<p class=\"textred\">Pilot ID given, already exists in the database.<br />\n";
				echo "Press your browsers back button <a href=\"" .$referrer ."\">or here</a> and correct the invalid entries.<br /><br /></p>\n";
			}
			else
			{
				// Encrypt the password
				$pencrpyt = md5($posted['PASSWORD1']);

				// Todays date as MySQL date for date joined and last fly date
				$todaysDate = getTodayAsSQLDate();

				$query = "INSERT INTO " .$table_prefix ."PILOTS (PILOT_ID,PASSWORD,FIRST_NAME,LAST_NAME,EMAIL,RANK_AC,RANK_HELO,HOURS_AC,HOURS_HELO,TOTAL_HRS,CUR_BID,BID,DART,SAR,FLEET_SUP,LOA,ACTIVE,JOINED,LAST_FLY) VALUES (";
				$query .= "'".$posted["PILOT_ID"]."',";		// PILOT_ID
				$query .= "'".$pencrpyt."',";				// PASSWORD
				$query .= "'".$posted["FIRST_NAME"]."',";	// FIRST_NAME
				$query .= "'".$posted["LAST_NAME"]."',";	// LAST_NAME
				$query .= "'".$posted["EMAIL"]."',";		// EMAIL
				$query .= "1,";								// RANK_AC
				$query .= "1,";								// RANK_HELO
				$query .= "0.0,";							// HOURS_AC
				$query .= "0.0,";							// HOURS_HELO
				$query .= "0.0,";							// TOTAL_HRS
				$query .= "0,";								// CUR_BID
				$query .= "'No Bid',";						// BID
				$query .= "0,";								// DART
				$query .= "0,";								// SAR
				$query .= "0,";								// FLEET_SUP
				$query .= "0,";								// LOA
				$query .= "1,";								// ACTIVE
				$query .= "'".$todaysDate."',";				// JOINED
				$query .= "'".$todaysDate."'";				// LAST_FLY
				$query .= ")";
				$result = mysql_query($query);

				$bSuccess = true;
				if ( $result == FALSE )
				{
					$bSuccess = false;
					echo "INSERT Failed. Could not add you to the database.<br />";
					echo mysql_errno().": ".mysql_error()."<br />";

					echo "<p class=\"textred\">INSERT Failed. Could not add you to the database. SQL Error: " .mysql_errno() ."<br />\n";
					echo "Press your browsers back button <a href=\"" .$referrer ."\">or here</a> to try again.<br /><br /></p>\n";
				}
				else
				{
					// Welcome new pilot
					echo("Welcome " .$posted["FIRST_NAME"] ." " .$posted["LAST_NAME"] ." to " .$vaName ."<br />");
					echo("You have been added to the Pilots Database with a pilot id of: " .$posted["PILOT_ID"] ."<br />");
					echo("A welcome e-mail has been sent to the e-mail address you provided.<br />");
					echo("<br />");

					// Send an E-mail to new pilot
					$to       = $email .", " .$adminEmailAddress;
					$subject  = "New Pilot Registration - " .$posted["FIRST_NAME"] ." " .$posted["LAST_NAME"] ." - " .$posted["PILOT_ID"];

					$message  = "<p class=\"textredB\">Welcome to " .$vaName ." " .$posted["FIRST_NAME"] ." " .$posted["LAST_NAME"] ."</p><br>\n";
					$message .= "<hr><br>\n";
					$message .= "You have been assigned the Pilot ID of: " .$posted["PILOT_ID"] ."<br>\n";
					$message .= "<br>\n";
					if ( strlen($newPilotMessage) > 0 )	// Add any additional message from config.php to the welcome e-mail
						$message .= $newPilotMessage;
					$message .= "<hr><br>\n";

					sendEmail("New Pilot Registration", $to, $subject, $message);
				}
			}

			// Closing SQL connection
			mysql_close($db);

			// obliterate passwords for security
			if ( isset($_POST['password1']) ) unset($_POST['password1']);
			if ( isset($_POST['password2']) ) unset($_POST['password2']);
			$posted['PASSWORD1'] = "";
			$posted['PASSWORD2'] = "";
			$pencrpyt = "";
		}
	}

	htmlFooter();

?>

<?php

			///////////////////////////////////////////
			//                                       //
			//          Support Functions            //
			//                                       //
			///////////////////////////////////////////

//
// Display HTML header
//
function htmlHeader()
{
	echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
	echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n";
	echo "<head>\n";
	echo "<title>APU New Pilot</title>\n";
	include('header.php');

	echo "<style type=\"text/css\" media=\"screen\"> <!-- @import url(apu.css); --> </style>\n";

	echo "</head>\n";
	echo "<body>\n";
	echo "<div align=\"center\">\n";
}

//
// Display HTML footer
//
function htmlFooter()
{
	global $timer1;
	global $rosterNavigateTo;
	global $rosterNavigateVerbiage;
	global $APU_COPYRIGHT;

	// Display return to another page link/table
	echo "	<table class=\"table_roster_footer\">\n";
	echo "	<tbody>\n";
	echo "		<tr>\n";
	echo "			<td><div align=\"center\"><span class=\"textdark\">Click <a href=\"../" .$rosterNavigateTo ."\">here</a> " .$rosterNavigateVerbiage ."</span></div></td>\n";
	echo "		</tr>\n";
	echo "	</tbody>\n";
	echo "	<tfoot><tr><td colspan=\"1\"></td></tr></tfoot>\n";
	echo "	</table>\n";

	// Display Copyright
	echo "<p>" .$APU_COPYRIGHT ."</p>\n";

	// End HTML
	echo "</div>\n";
	echo "</body>\n";
	echo "</html>\n";
}

//
// Gather POSTed variables from the form submission
//
// Function validates lengths of required variables, strips any HTML and PHP and trims
// the string of leading and trailing white space.
//
// The global $aErrors may contain zero or more errors if any are found.
//
function gatherPost($posted)
{
	include('config.php');
	include('commondefs.php');
	global $aErrors;

	if ( isset($_POST['firstname']) )
	{
		if ( strlen($_POST['firstname']) > 0 && strlen($_POST['firstname']) <= $MAX_FIRST_NAME_LENGTH )
		{
			$posted["FIRST_NAME"] = strip_tags($_POST['firstname']);
			$posted["FIRST_NAME"] = trim($posted["FIRST_NAME"]);
		}
		else
			array_push($aErrors, "Your first name is empty or exceeds the allowed length of " .$MAX_FIRST_NAME_LENGTH);
	}

	if ( isset($_POST['lastname']) )
	{
		if ( strlen($_POST['lastname']) > 0 && strlen($_POST['lastname']) <= $MAX_LAST_NAME_LENGTH )
		{
			$posted["LAST_NAME"] = strip_tags($_POST['lastname']);
			$posted["LAST_NAME"] = trim($posted["LAST_NAME"]);
		}
		else
			array_push($aErrors, "Your last name is empty or exceeds the allowed length of " .$MAX_LAST_NAME_LENGTH);
	}

	if ( isset($_POST['pilot_id']) )
	{
		if ( strlen($_POST['pilot_id']) > 0 && strlen($_POST['pilot_id']) <= $MAX_ID_LENGTH )
		{
			$posted["PILOT_ID"] = strip_tags($_POST['pilot_id']);
			$posted["PILOT_ID"] = trim($posted["PILOT_ID"]);

			if ( $bCapitalizedID )
				$posted["PILOT_ID"] = strtoupper($posted["PILOT_ID"]);
		}
		else
			array_push($aErrors, "Your id is empty or exceeds the allowed length of " .$MAX_ID_LENGTH);
	}

	if ( isset($_POST['email']) )
	{
		if ( strlen($_POST['email']) > 0 && strlen($_POST['email']) <= $MAX_EMAIL_LENGTH )
		{
			$posted["EMAIL"] = strip_tags($_POST['email']);
			$posted["EMAIL"] = trim($posted["EMAIL"]);
		}
		else
			array_push($aErrors, "Your e-mail is empty or exceeds the allowed length of " .$MAX_EMAIL_LENGTH);
	}

	if ( isset($_POST['password1']) )
	{
		if ( strlen($_POST['password1']) > 0 && strlen($_POST['password1']) <= $MAX_PASSWORD_LENGTH )
		{
			$posted["PASSWORD1"] = strip_tags($_POST['password1']);
			$posted["PASSWORD1"] = trim($posted["PASSWORD1"]);
		}
		else
			array_push($aErrors, "Your password is empty or exceeds the allowed length of " .$MAX_PASSWORD_LENGTH);
	}

	if ( isset($_POST['password2']) )
	{
		if ( strlen($_POST['password2']) > 0 && strlen($_POST['password2']) <= $MAX_PASSWORD_LENGTH )
		{
			$posted["PASSWORD2"] = strip_tags($_POST['password2']);
			$posted["PASSWORD2"] = trim($posted["PASSWORD2"]);
		}
		else
			array_push($aErrors, "Your second password is empty or exceeds the allowed length of " .$MAX_PASSWORD_LENGTH);
	}

	if ( $bAllowPilotRegister == false )
	{
		if ( isset($_POST['admin_login']) )
		{
			if ( strlen($_POST['admin_login']) > 0 && strlen($_POST['admin_login']) <= $MAX_ID_LENGTH )
			{
				$posted["ADMIN_LOGIN"] = strip_tags($_POST['admin_login']);
				$posted["ADMIN_LOGIN"] = trim($posted["ADMIN_LOGIN"]);
			}
			else
				array_push($aErrors, "Your admin id is empty or exceeds the allowed length of " .$MAX_ID_LENGTH);
		}

		if ( isset($_POST['admin_password']) )
		{
			if ( strlen($_POST['admin_password']) > 0 && strlen($_POST['admin_password']) <= $MAX_PASSWORD_LENGTH )
			{
				$posted["ADMIN_PASSWORD"] = strip_tags($_POST['admin_password']);
				$posted["ADMIN_PASSWORD"] = trim($posted["ADMIN_PASSWORD"]);
			}
			else
				array_push($aErrors, "Your admin password is empty or exceeds the allowed length of " .$MAX_PASSWORD_LENGTH);
		}
	}

	if ( $posted["PASSWORD1"] != $posted["PASSWORD2"] )
		array_push($aErrors, "The passwords you entered do not match. Ensure your password is entered in the same, twice ");

	return $posted;
}

 ?>
